admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-01T20:00:25.380934+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-01 20:00:28 +00:00
parent 37d5424f18
commit 9f106578ec
35 changed files with 3376 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2022/CVE-2022-467xx/CVE-2022-46783.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2022-46783",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T12:15:08.817",
"lastModified": "2023-08-28T13:07:56.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:03:25.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stormshield:ssl_vpn_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "4FB6E817-FE92-41D4-9E28-E0CD487CE963"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.stormshield.eu/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://advisories.stormshield.eu/2022-029/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-15xx/CVE-2023-1523.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-1523",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-09-01T19:15:42.707",
"lastModified": "2023-09-01T19:15:42.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523",
"source": "security@ubuntu.com"
},
{
"url": "https://github.com/snapcore/snapd/pull/12849",
"source": "security@ubuntu.com"
},
{
"url": "https://marc.info/?l=oss-security&m=167879021709955&w=2",
"source": "security@ubuntu.com"
},
{
"url": "https://ubuntu.com/security/notices/USN-6125-1",
"source": "security@ubuntu.com"
}
]
}

47
CVE-2023/CVE-2023-333xx/CVE-2023-33317.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33317",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.100",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T18:38:41.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:returns_and_warranty_requests:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.6",
"matchCriteriaId": "2A312D93-DE6D-4C13-BE5A-23D14C58E902"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-333xx/CVE-2023-33325.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33325",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T13:15:12.373",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T19:05:34.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:te-st:leyka:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.30.1",
"matchCriteriaId": "E8694F5E-8905-41DA-98A1-A37B0881EAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-338xx/CVE-2023-33876.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-33876",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-07-19T14:15:10.393",
"lastModified": "2023-07-26T21:04:42.287",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-01T18:15:07.427",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled."
}
],
"metrics": {

48
CVE-2023/CVE-2023-340xx/CVE-2023-34032.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34032",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T15:15:08.980",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:15:40.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:casier:bbpress_toolkit:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.12",
"matchCriteriaId": "D2A99153-F084-4A08-95AF-E8D580AF5DF1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bbp-toolkit/wordpress-bbpress-toolkit-plugin-1-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-341xx/CVE-2023-34174.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34174",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:08.747",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:37:34.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bbsetheme:bbs_e-popup:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.5",
"matchCriteriaId": "DE2912A8-C351-483F-A5FF-423458EE4AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bbs-e-popup/wordpress-bbs-e-popup-plugin-2-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-341xx/CVE-2023-34175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34175",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:09.013",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:36:10.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +64,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:login_configurator_project:login_configurator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1",
"matchCriteriaId": "4D1F3C1F-E34A-467B-8939-DBB7C01CC574"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/login-configurator/wordpress-login-configurator-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-341xx/CVE-2023-34176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34176",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:09.253",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:24:19.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chilexpress:chilexpress-oficial:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.9",
"matchCriteriaId": "D1C380FB-BEB0-417F-9063-956A33D2B1C3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/chilexpress-oficial/wordpress-chilexpress-woo-oficial-plugin-1-2-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-341xx/CVE-2023-34180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34180",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-30T14:15:09.473",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:22:34.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +66,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kaplugins:free-google-fonts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.0.0",
"matchCriteriaId": "B2F7528C-E25F-4393-B328-E4ADBC97A326"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/free-google-fonts/wordpress-google-fonts-for-wordpress-plugin-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

49
CVE-2023/CVE-2023-34xx/CVE-2023-3453.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3453",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-08-23T22:15:08.930",
"lastModified": "2023-08-24T02:02:17.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:11:49.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:etictelecom:remote_access_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.7.0",
"matchCriteriaId": "9AC4E7AE-3B13-4E78-8C62-5B6B452DC10F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

1415
CVE-2023/CVE-2023-357xx/CVE-2023-35785.json
View File

File diff suppressed because it is too large Load Diff

71
CVE-2023/CVE-2023-393xx/CVE-2023-39348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39348",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-28T20:15:08.107",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:37:25.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.28.8",
"matchCriteriaId": "5055E17C-E70F-46DF-83A0-9165DF47E729"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.6",
"matchCriteriaId": "982824E4-DEF6-403B-98EB-5DF9869D6821"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.30.0",
"versionEndExcluding": "1.30.3",
"matchCriteriaId": "4E0739E0-34DD-46D9-A3AE-39E784FF4993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:spinnaker:1.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F88DF325-E9E1-4047-9668-6853E411505D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/spinnaker/echo/pull/1316",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-rq5c-hvw6-8pr7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-397xx/CVE-2023-39714.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-39714",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T18:15:07.710",
"lastModified": "2023-09-01T18:15:07.710",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Arajawat007/141e68161014e832e30d39b1979a8a6c#file-cve-2023-39714",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
}
]
}

64
CVE-2023/CVE-2023-401xx/CVE-2023-40170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40170",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-28T21:15:07.873",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:36:32.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.2",
"matchCriteriaId": "B83A20E2-B301-47B0-AE30-3363B1FE64F3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2023/CVE-2023-401xx/CVE-2023-40185.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40185",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-23T21:15:09.063",
"lastModified": "2023-08-24T02:02:17.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:02:45.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,66 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "1.7.4",
"matchCriteriaId": "68A1452B-CAE3-44C6-A01D-F9E73A62DAB8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ericcornelissen/shescape/pull/1142",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-405xx/CVE-2023-40586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40586",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.197",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:06:17.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +76,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coraza:coraza:3.0.0:*:*:*:*:go:*:*",
"matchCriteriaId": "7966EDCD-F5B7-4439-A2E8-8A4CE1CA250A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-410xx/CVE-2023-41051.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-41051",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-01T19:15:42.883",
"lastModified": "2023-09-01T19:15:42.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function\u2019s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://crates.io/crates/vm-memory/0.12.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2023/CVE-2023-411xx/CVE-2023-41109.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-41109",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T20:15:08.273",
"lastModified": "2023-08-29T05:18:54.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:37:07.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:patton:smartnode_sn200_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.21.2-23021",
"matchCriteriaId": "7722AB96-9C76-466B-BF73-B26027935780"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:patton:smartnode_sn200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A80D241-2596-423F-9012-3BD25DBE06A8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.syss.de/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-411xx/CVE-2023-41121.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-41121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T22:15:11.313",
"lastModified": "2023-08-26T04:05:04.350",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:48:33.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4.0.499",
"matchCriteriaId": "986B8380-E886-4F0E-83C2-D07FC48C0A03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861"
}
]
}
]
}
],
"references": [
{
"url": "https://semonto.com/tools/website-reachability-check?test=325b4e588e64536b21664d24640f547",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Denial_of_Service_ID-144162.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

130
CVE-2023/CVE-2023-415xx/CVE-2023-41559.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-41559",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:14.280",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T19:10:58.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/fromNatStaticSetting/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-415xx/CVE-2023-41563.json
View File

@ -2,19 +2,114 @@
"id": "CVE-2023-41563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T13:15:15.043",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-01T19:54:35.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peris-navince/founded-0-days/blob/main/GetParentControlInfo/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-416xx/CVE-2023-41633.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-41633",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T19:15:43.003",
"lastModified": "2023-09-01T19:15:43.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/rycbar77/3da455382f88cfb6d6798572f34378bd",
"source": "cve@mitre.org"
},
{
"url": "https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference/",
"source": "cve@mitre.org"
}
]
}

39
CVE-2023/CVE-2023-45xx/CVE-2023-4596.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4596",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.353",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:17:25.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,18 +50,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.24.6",
"matchCriteriaId": "DB7C43F0-DD62-44EC-97FB-0EAC45C12678"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.exploit-db.com/exploits/51664",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-45xx/CVE-2023-4597.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4597",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.660",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:36:38.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,18 +66,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0.9",
"matchCriteriaId": "D7F95125-E2E9-49B0-A095-97E35735F1B7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.9/wp-slimstat.php#L892",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-45xx/CVE-2023-4599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4599",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-08-30T02:15:09.870",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:59:53.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-webhooks:email_encoder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.1.7",
"matchCriteriaId": "CD48E8F6-C218-4A21-95D9-D7ABED78A47F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.1.7/core/includes/classes/class-email-encoder-bundle-run.php#L529",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2958823/email-encoder-bundle#file60",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-46xx/CVE-2023-4611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4611",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-29T22:15:09.397",
"lastModified": "2023-08-29T23:49:20.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:36:56.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +54,75 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4611",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg310136.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

67
CVE-2023/CVE-2023-46xx/CVE-2023-4624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4624",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-30T13:15:15.287",
"lastModified": "2023-08-30T13:23:15.070",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T19:59:22.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +58,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +66,51 @@
"value": "CWE-918"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.08",
"matchCriteriaId": "F1A047AC-D2DC-43E8-94C4-5C4E9851BEDF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bookstackapp/bookstack/commit/c324ad928dbdd54ce5b09eb0dabe60ef9de1ea38",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://huntr.dev/bounties/9ce5cef6-e546-44e7-addf-a2726fa4e60c",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-46xx/CVE-2023-4652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4652",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.063",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:39:07.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/7a7e57e77f12f36d0e96be6d5b9066389372dbcd",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/7869e4af-fad9-48c3-9e4f-c949e54cbb41",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-46xx/CVE-2023-4653.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4653",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.297",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:39:05.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/7e9d79818bd52dfa7811d5978c72785054c65242",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e0bf7e95-fc8c-4fd4-8575-8b46b9431c6d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

56
CVE-2023/CVE-2023-46xx/CVE-2023-4655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4655",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-31T01:15:10.740",
"lastModified": "2023-08-31T10:02:10.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-01T18:39:47.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +68,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:instantcms:instantcms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.16.1",
"matchCriteriaId": "56EF3F9B-6CDB-4568-AF80-EEF6D72B72F6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/instantsoft/icms2/commit/a6a30e7bc96cd2081707388046c0259870533da6",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/e2189ad5-b665-4ba5-b6c4-112e58ae9a97",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-47xx/CVE-2023-4707.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-4707",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T18:15:07.793",
"lastModified": "2023-09-01T18:15:07.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238570",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238570",
"source": "cna@vuldb.com"
}
]
}

84
CVE-2023/CVE-2023-47xx/CVE-2023-4708.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-4708",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T18:15:07.893",
"lastModified": "2023-09-01T18:15:07.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238571",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238571",
"source": "cna@vuldb.com"
}
]
}

84
CVE-2023/CVE-2023-47xx/CVE-2023-4709.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2023-4709",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-01T19:15:43.063",
"lastModified": "2023-09-01T19:15:43.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-238572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.238572",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.238572",
"source": "cna@vuldb.com"
}
]
}

76
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-01T18:00:25.460342+00:00
2023-09-01T20:00:25.380934+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-01T17:31:30.300000+00:00
2023-09-01T19:59:22.693000+00:00
```
### Last Data Feed Release
@ -29,53 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223930
223937
```
### CVEs added in the last Commit
Recently added CVEs: `20`
Recently added CVEs: `7`
* [CVE-2020-22612](CVE-2020/CVE-2020-226xx/CVE-2020-22612.json) (`2023-09-01T16:15:07.533`)
* [CVE-2022-3407](CVE-2022/CVE-2022-34xx/CVE-2022-3407.json) (`2023-09-01T17:15:07.463`)
* [CVE-2023-28366](CVE-2023/CVE-2023-283xx/CVE-2023-28366.json) (`2023-09-01T16:15:07.790`)
* [CVE-2023-36076](CVE-2023/CVE-2023-360xx/CVE-2023-36076.json) (`2023-09-01T16:15:07.857`)
* [CVE-2023-36088](CVE-2023/CVE-2023-360xx/CVE-2023-36088.json) (`2023-09-01T16:15:07.910`)
* [CVE-2023-36100](CVE-2023/CVE-2023-361xx/CVE-2023-36100.json) (`2023-09-01T16:15:07.967`)
* [CVE-2023-36187](CVE-2023/CVE-2023-361xx/CVE-2023-36187.json) (`2023-09-01T16:15:08.020`)
* [CVE-2023-36326](CVE-2023/CVE-2023-363xx/CVE-2023-36326.json) (`2023-09-01T16:15:08.077`)
* [CVE-2023-36327](CVE-2023/CVE-2023-363xx/CVE-2023-36327.json) (`2023-09-01T16:15:08.127`)
* [CVE-2023-36328](CVE-2023/CVE-2023-363xx/CVE-2023-36328.json) (`2023-09-01T16:15:08.177`)
* [CVE-2023-39582](CVE-2023/CVE-2023-395xx/CVE-2023-39582.json) (`2023-09-01T16:15:08.230`)
* [CVE-2023-39631](CVE-2023/CVE-2023-396xx/CVE-2023-39631.json) (`2023-09-01T16:15:08.370`)
* [CVE-2023-40771](CVE-2023/CVE-2023-407xx/CVE-2023-40771.json) (`2023-09-01T16:15:08.423`)
* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-01T16:15:08.473`)
* [CVE-2023-40980](CVE-2023/CVE-2023-409xx/CVE-2023-40980.json) (`2023-09-01T16:15:08.523`)
* [CVE-2023-4720](CVE-2023/CVE-2023-47xx/CVE-2023-4720.json) (`2023-09-01T16:15:08.577`)
* [CVE-2023-4721](CVE-2023/CVE-2023-47xx/CVE-2023-4721.json) (`2023-09-01T16:15:08.660`)
* [CVE-2023-4722](CVE-2023/CVE-2023-47xx/CVE-2023-4722.json) (`2023-09-01T16:15:08.737`)
* [CVE-2023-41627](CVE-2023/CVE-2023-416xx/CVE-2023-41627.json) (`2023-09-01T17:15:07.633`)
* [CVE-2023-41628](CVE-2023/CVE-2023-416xx/CVE-2023-41628.json) (`2023-09-01T17:15:07.690`)
* [CVE-2023-39714](CVE-2023/CVE-2023-397xx/CVE-2023-39714.json) (`2023-09-01T18:15:07.710`)
* [CVE-2023-4707](CVE-2023/CVE-2023-47xx/CVE-2023-4707.json) (`2023-09-01T18:15:07.793`)
* [CVE-2023-4708](CVE-2023/CVE-2023-47xx/CVE-2023-4708.json) (`2023-09-01T18:15:07.893`)
* [CVE-2023-1523](CVE-2023/CVE-2023-15xx/CVE-2023-1523.json) (`2023-09-01T19:15:42.707`)
* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-01T19:15:42.883`)
* [CVE-2023-41633](CVE-2023/CVE-2023-416xx/CVE-2023-41633.json) (`2023-09-01T19:15:43.003`)
* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-01T19:15:43.063`)
### CVEs modified in the last Commit
Recently modified CVEs: `14`
Recently modified CVEs: `27`
* [CVE-2018-25089](CVE-2018/CVE-2018-250xx/CVE-2018-25089.json) (`2023-09-01T17:25:13.760`)
* [CVE-2021-36978](CVE-2021/CVE-2021-369xx/CVE-2021-36978.json) (`2023-09-01T16:15:07.650`)
* [CVE-2022-27597](CVE-2022/CVE-2022-275xx/CVE-2022-27597.json) (`2023-09-01T17:10:13.670`)
* [CVE-2022-27598](CVE-2022/CVE-2022-275xx/CVE-2022-27598.json) (`2023-09-01T17:10:25.797`)
* [CVE-2023-39600](CVE-2023/CVE-2023-396xx/CVE-2023-39600.json) (`2023-09-01T16:15:08.287`)
* [CVE-2023-32559](CVE-2023/CVE-2023-325xx/CVE-2023-32559.json) (`2023-09-01T17:05:35.170`)
* [CVE-2023-40572](CVE-2023/CVE-2023-405xx/CVE-2023-40572.json) (`2023-09-01T17:07:35.057`)
* [CVE-2023-40573](CVE-2023/CVE-2023-405xx/CVE-2023-40573.json) (`2023-09-01T17:09:35.270`)
* [CVE-2023-23355](CVE-2023/CVE-2023-233xx/CVE-2023-23355.json) (`2023-09-01T17:10:05.397`)
* [CVE-2023-27604](CVE-2023/CVE-2023-276xx/CVE-2023-27604.json) (`2023-09-01T17:11:03.007`)
* [CVE-2023-3704](CVE-2023/CVE-2023-37xx/CVE-2023-3704.json) (`2023-09-01T17:12:08.027`)
* [CVE-2023-4230](CVE-2023/CVE-2023-42xx/CVE-2023-4230.json) (`2023-09-01T17:12:36.097`)
* [CVE-2023-40195](CVE-2023/CVE-2023-401xx/CVE-2023-40195.json) (`2023-09-01T17:14:19.163`)
* [CVE-2023-41028](CVE-2023/CVE-2023-410xx/CVE-2023-41028.json) (`2023-09-01T17:31:30.300`)
* [CVE-2023-40586](CVE-2023/CVE-2023-405xx/CVE-2023-40586.json) (`2023-09-01T18:06:17.537`)
* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-09-01T18:11:49.340`)
* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-09-01T18:15:07.427`)
* [CVE-2023-4596](CVE-2023/CVE-2023-45xx/CVE-2023-4596.json) (`2023-09-01T18:17:25.357`)
* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-09-01T18:36:32.463`)
* [CVE-2023-4597](CVE-2023/CVE-2023-45xx/CVE-2023-4597.json) (`2023-09-01T18:36:38.313`)
* [CVE-2023-4611](CVE-2023/CVE-2023-46xx/CVE-2023-4611.json) (`2023-09-01T18:36:56.110`)
* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-09-01T18:37:07.207`)
* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-09-01T18:37:25.700`)
* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-09-01T18:37:42.127`)
* [CVE-2023-33317](CVE-2023/CVE-2023-333xx/CVE-2023-33317.json) (`2023-09-01T18:38:41.257`)
* [CVE-2023-4653](CVE-2023/CVE-2023-46xx/CVE-2023-4653.json) (`2023-09-01T18:39:05.677`)
* [CVE-2023-4652](CVE-2023/CVE-2023-46xx/CVE-2023-4652.json) (`2023-09-01T18:39:07.780`)
* [CVE-2023-4655](CVE-2023/CVE-2023-46xx/CVE-2023-4655.json) (`2023-09-01T18:39:47.187`)
* [CVE-2023-41121](CVE-2023/CVE-2023-411xx/CVE-2023-41121.json) (`2023-09-01T18:48:33.107`)
* [CVE-2023-4599](CVE-2023/CVE-2023-45xx/CVE-2023-4599.json) (`2023-09-01T18:59:53.493`)
* [CVE-2023-33325](CVE-2023/CVE-2023-333xx/CVE-2023-33325.json) (`2023-09-01T19:05:34.913`)
* [CVE-2023-41559](CVE-2023/CVE-2023-415xx/CVE-2023-41559.json) (`2023-09-01T19:10:58.247`)
* [CVE-2023-34032](CVE-2023/CVE-2023-340xx/CVE-2023-34032.json) (`2023-09-01T19:15:40.420`)
* [CVE-2023-34180](CVE-2023/CVE-2023-341xx/CVE-2023-34180.json) (`2023-09-01T19:22:34.537`)
* [CVE-2023-34176](CVE-2023/CVE-2023-341xx/CVE-2023-34176.json) (`2023-09-01T19:24:19.840`)
* [CVE-2023-34175](CVE-2023/CVE-2023-341xx/CVE-2023-34175.json) (`2023-09-01T19:36:10.463`)
* [CVE-2023-34174](CVE-2023/CVE-2023-341xx/CVE-2023-34174.json) (`2023-09-01T19:37:34.893`)
* [CVE-2023-41563](CVE-2023/CVE-2023-415xx/CVE-2023-41563.json) (`2023-09-01T19:54:35.217`)
* [CVE-2023-4624](CVE-2023/CVE-2023-46xx/CVE-2023-4624.json) (`2023-09-01T19:59:22.693`)
## Download and Usage